Re: [squid-users] acl bug (when peers configured)

From: Henrik Nordstrom <[email protected]>
Date: Thu, 30 Aug 2007 12:04:17 +0200

On tor, 2007-08-30 at 06:02 -0300, Michel Santos wrote:
> There is appearently an acl bug
>
> acls do not work for peers

They do work for peers, just the same as any other http client. There is
nothing special about peers in the access controls.

> acl all src 200.152.80.0/20

Warning: Don't redefine the "all" acl unless you are very careful. It's
used in a number of defaults and meant to match "the whole world", and
results can become a bit confusing if redefined...

Instead define a "mynetwork" acl to match your clients..

> acl danger urlpath_regex -i instal\.html
> http_access deny all danger
> #
>
> so far this works for "all", I mean it blocks as wanted
>
>
> #
> acl all src 200.152.80.0/20
> acl peer src 200.152.83.40
> acl danger urlpath_regex -i instal\.html
> http_access deny all danger
> http_access deny peer danger

Nothing obviously wrong, apart from the use of the "all" acl..

> does NOT when accessing directly from a browser from 200.152.83.40

Should it? When going directly Squid is not used...

> and does NOT work when configuring localhost as proxy on 200.152.83.40

What do access.log say on both proxies?

Regards
Henrik

Received on Thu Aug 30 2007 - 04:04:23 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT